Software Patching

Hopefully most of us know that Software Patching is a key element in ensuring our devices are secure, with Patch Management being one of Cyber Essentials five technical controls. With the majority of vendors automating this, you’d think it would be a no brainer! But I’ve recently noticed that many of the millennial cohort are too busy to allow updates time to install. And it’s not a MAC or PC specific problem, this also applies to mobiles. 

I recently discovered several devices in daily use to be more than two years out of date! With remote working becoming the new normal, this really worries me. Am I alone? How do we encourage the general public to accept updates rather than simply ignoring them? Let me know your thoughts. Any wisdom is gratefully received!

LuJam supports Cyber Essentials in Jersey and Guernsey Channel Islands

Working with our partners in the Channel Islands LuJam Cyber is helping to cyber secure the Islands fast.

Wherever Cyber Essentials is being adopted as a standard in the world we are active and this is particularly true of Commonwealth and ex Commonwealth countries.

As part of #MissionPossibleCyber we are helping to cyber secure SMB’s across the UK and Ireland, the Channel Islands and the Isle of Man.

Some parts of the country are adopting Cyber Essentials faster than others and are putting strong incentives in place e.g. Scotlands £1000 for 1000 SMB’s scheme to get 1000 SMB’s secure by the end of March 2020.

LuJam provides Continuous Monitoring against the Cyber Essentials 5 controls standard.

Within 7 days you can be secured to the Cyber Essentials standard.

Contact chris@lujam.com or +447881 500002 and we will put you in touch with one of our partners.

Here is the situation in the Isle of Man https://www.financeisleofman.com/news/isle-of-man-businesses-can-now-apply-for-funding-to-support-cyber-security-accreditation/

Here is the situation in Scotland

Ireland is also supporting Cyber Essentials https://www.itgovernance.eu/en-ie/cyber-essentials-ie

LuJam supports Scottish £1000 Cyber Essentials scheme

Look at this amazing scheme available to #SMB‘s in Scotland !!

It is becoming more and more important to be Cyber Secured to the Cyber Essentials level and also to be Certified.

There are similar schemes running in the Channel Islands and Home Counties and West of England but this is the best we have seen.

Working with our partners LuJam Cyber can make this £1000 go a really long way.

When our LuJam sensor is installed it will automatically analyse and protect to the Cyber Essentials standard.

Working with one of our Certification bodies you can get the basic CE Certificate and be well on the way to Cyber Essentials plus. Our integrated Vulnerability Scanner and MSP API and Advanced End Point Agents ( for example ) are going to be a very important part of the solution.

Contact me on chris@lujam.com or +447881 500002 and I will put you in touch with one of our partners.

For your information: The Cyber Essentials standard is growing across the world – especially in Commonwealth and ex Commonwealth countries like Canada and West Africa and Australia.

More on the Scottish £1000 offer here https://www.scottish-enterprise.com/learning-zone/business-guides/components-folder/business-guides-listing/keep-your-business-cyber-secure

Here is the situation in the Isle of Man https://www.financeisleofman.com/news/isle-of-man-businesses-can-now-apply-for-funding-to-support-cyber-security-accreditation/

Discover the situation in Jersey, Channel Islands

States of Jersey suppliers certification requirements

From 2018, suppliers awarded any new government contract worth more than £25,000 will need to commit to adopting Cyber Essentials, or a higher standard, within 12 months.

From 2020, all suppliers in receipt of contracts valued at more than £25,000 will need to demonstrate adherence to Cyber Essentials or a higher standard.

https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/cyberessentials.aspx

https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/cyberessentials.aspx

Guernsey is following similar guidelines.

https://www.ciisf.org/

Ireland is also supporting Cyber Essentials – https://www.itgovernance.eu/en-ie/cyber-essentials-ie

Hertfordshire has this scheme running – https://www.hertsgrowthhub.com/cyber-security

Being Cyber Secure is important but so is….

being in Control of your business….

and being in control means that you have the right business information at your finger tips displayed in a simple and meaningful way…

That might mean that it is integrated into your Business Information applications. Part of an overall Business Information dashboard.

To get the information you need to ..

Detect ..

the presence of all devices that are using your networks. Not just PC’s, laptops, ipads and mobiles but ALL IoT devices … alarms, cctv, voice activated devices,manufacturing controls etc etc

Company issued devices and Bring your own Device ( BYOD ) .. those network using devices that staff and visitors bring into your business premises.

It is nearly always a surprise to our clients how many devices are actually in use in their premises.

When you have detected them you have VISIBILITY of the hardware aspect and then you need to

Monitor ..

Who and what and where and when and why are these devices talking to ?

On your premises or off your premises ?

What is the typical pattern of communications ?

( A useful facility built into LuJam is that of monitoring your Internet Connection – when is it up or down ?? )

We establish ” normal behaviour ” and we are increasingly able to detect and highlight abnormal behaviour ( eg the salesperson that hates using the CRM application but is suddenly on it for 48 hours straight … is he leaving ? )

We also find that people are using applications and visiting websites that they shouldn’t be. ( Bad websites are simply black listed and blocked – but can be white listed )

Now you have VISIBILITY of how devices and applications are being used on your network and a

Digital Asset Register..

and you have an understanding of communications and applications usage patterns

NOW you are really getting in control !!

Now COMPLIANCE with the policies and directives that you issued as a Director of the Business with Fiduciary Duties in an effort to comply with eg GDPR Regulations – can be verified.

( N.B. Typically a companies board has to think about many aspects with regard to cybersecurity:

Regulation: Are regulatory requirements being met?

Fiduciary duty: Is the company acting appropriately with regard to cybersecurity for our stakeholders ( customers and shareholders ) ?

Company liability: How does a failure to perform effectively in cybersecurity affect overall business performance?

Personal liability: If I am the CISO and we underperform in cybersecurity, might that affect my position? )

Now your Cyber Insurer can assess the

RISK

in your business.

Your Cyber Security responsible person or company can easily help you get certified to Government standards ( Cyber Essentials, CE Plus, ISO 27001 ) but this will not just be an annual assessment it is a 365,24-7 compliance with those standards.

With a

Risk Assessment and Cyber Essentials certification your Cyber Insurer will balance Risk against Premium and be inclined to reward you for your efforts.

So you are cyber secure, you are in control, you are compliant, your policies are actually being adhered to you saved the business money on cyber insurance and GDPR risks and we like to say..

Peace of Mind has arrived.

N.B. We develop LuJam Cyber guided by GCHQ, NCSC, IASME and our partners and clients. If there is something you would like to see us doing please let us know.

If you would like an online demonstration of the LuJam Cyber solution please contact chris@lujam.com or call +44 (0)117 373 6186 and ask for Chris ref. online demo.

Macnamara ICT and LuJam Cyber partner for Continuous Cyber Monitoring

30 June 2019

Macnamara and LuJam

Macnamara has been involved with Cyber Essentials since the start, first becoming a certification body in April 2015, a few months after the scheme launched. We see the Cyber Essentials approach as a fantastic way for small businesses to achieve greatly improved security within their limited time and resource budgets. This is true whether they go for certification or not: we always advise that they do, after all they have done the work and might as well have the recognition to go with it.

One weakness though that we have been conscious of with Cyber Essentials is the risk of a false sense of security. In our experience, small businesses often approach the initial readiness process with great enthusiasm – especially if they are going for certification. The problem is that certification at both the self and externally assessed levels only covers a specific point in time. It can be hard to maintain the enthusiasm to make sure controls are kept in place once the certification buzz has passed. We have found that pressing immediate needs of the moment often lead to people overriding or even removing controls altogether.

We were very excited therefore when we came across the Lujam’s continuous monitoring approach. There are, of course, plenty of monitoring tools around but most are beyond the technical skills or budgets of our small business clientele. And, like all MSPs, we have our own suite of monitoring tools. But these are focussed on system support and maintenance rather than security. The LuJam sensor and service perfectly plugs the gap, giving us an affordable approach to monitoring client environments specifically around the five Cyber Essentials security controls.

It is easy for us to build LuJam into our service for existing clients as in most cases they are already paying for a variety of tools we use to protect them – several of which we can replace with LuJam. And, for new clients, LuJam provides us with a means of creating a big impression quickly.

For those clients to whom we have explained the benefits we have encountered precisely zero resistance – especially as we are able to onboard them at very low cost. In our first month as a Lujam partner we have found homes for the LuJam sensor in financial management, manufacturing and a counselling practice.

One particularly interesting (for us) use case is in a factory where we have VLAN’d the industrial control systems apart from the office network with some monitoring traffic passing from the control system network to the main office network and a limited requirement for external support companies to access the control systems. As we have no computers (in the traditional sense) on the control system network we were stumped for a cost-effective way of monitoring this network, LuJam provides a perfect mechanism for doing so. We know precisely what traffic should be on that network and we can use LuJam to quickly alert us to anything unusual.

LuJam also provided the answer to another conundrum. A client had sublet part of their office building but wanted to be able to keep a light touch eye on traffic in and out of the sublet network in the sense of wanting to know how much bandwidth was being consumed and making sure that nothing questionable was happening on their publicly identifiable IP address. LuJam allows to implement some very light tough and non-intrusive monitoring to satisfy this requirement.

If you would like an online demonstration of the LuJam Cyber solution please contact chris@lujam.com or call +44 (0)117 373 6186 and ask for Chris ref. online demo.

Demo Day – The Final of The NCSC Cyber Accelerator

NCSC Cyber Accelerator third cohort.

In the Great Room of the Royal Society of Arts, London, overlooked by Viscount Folkestone, First President of the Society of arts, painted by Gainsborough, representatives of the Government and Security bodies listened to 7 start-ups (including LuJam), their introducers and key speakers talk about their solutions for helping protect this nation and in many cases all nations.

This was the final presentation of the year and the speakers included the Secretary of State for Digital, Culture, Media and Sport, the Right Honorable Jeremy Wright, Baroness Neville-Jones (former Chairman of the Joint Intelligence Committee) and Chris Ensor, Deputy Director for Cyber Skills and Growth, National Cyber Security Centre.

Our CEO Tim Moran outlined how we stopped 95% of cyber-attacks in just 7 days utilising the 5 Controls of the NCSC’s Cyber Essentials program and then provided continuous monitoring and risk checking.

Our CEO (Tim Moran) explaining how LuJam’s solution delivers effective Cyber Security in 7 days.

Our SMB market alone was a global $20 Billion opportunity and 50% of all SMB’s were now supported by Managed Service Providers (as well as IT Services companies, Telco’s and Internet Service Providers). 

Tim showed our impressive list of Telcos/Distributors/ODM’s and MSP’s as well as those mentors like GCHQ and Tech Nation we were working with.

Our predicted exponential growth comes from a basic formula of MSP’s times clients and prospects times multiple locations and networks.

However he also explained that we are barely scratching the surface as huge opportunities in addition to SMB include Remote Workers (to enterprises), cyber insurers and supply chains ie the Enterprise related market and the Home Office/Wealth Management sector.

Also, yet to be analysed is the global shipping market.

Baroness Neville-Jones Keynote theme was that simple, direct effective cyber security was required and Tim and I spent some time discussing this with her.

Rt Hon. Baroness Neville-Jones DCMG: “If you make security complex, it’s much less likely to be effective. Make it simple, make it direct and you will raise the level of performance.”

Many Potential Investors surrounded Tim after his talk which was great to see.

We explained to one that although at the moment we were spending quite a lot of time bringing each Telco/MSP onboard right now (and listening to their detailed needs and requirements) using digital sales techniques we were streamlining and speeding up the onboarding process very quickly.

If you would like an online demonstration of the LuJam Cyber solution please contact chris@lujam.com or call +44 (0)117 373 6186 and ask for Chris ref. online demo.